Page MenuHomePhabricator

Convert CentralAuthUtilityService to Authority instead of PermissionManager
Closed, ResolvedPublic

Description

CentralAuthUtilityService needs to use Authority instead of PermissionManager

This is blocking the parent task since AuthManager is initialized before $wfExtensionFunction by central auth, so dragging permission manager creates ServiceOptions with a copy of globals too early - the globals can still be changed by the extension function.

This causes issues like T273317

Event Timeline

Pchelolo triaged this task as Medium priority.Feb 1 2021, 6:13 PM
Pchelolo created this task.

CentralAuthUtilityService only uses PermissionManager in attemptAutoCreateLocalUserFromName (used by Special:CreateLocalAccount and maintenance/createLocalAccount.php). User has a private getThisAsAuthority(): UserAuthority and a public authorizeWrite, UserAuthority has no stable constructors or factories.

What's the proper way to "use authority instead of PermissionManager"? Using User::authorize() or somehow constructing a UserAuthority? Something else?

Change 661042 had a related patch set uploaded (by Majavah; owner: Majavah):
[mediawiki/extensions/CentralAuth@master] Split attemptAutoCreateLocalUserFromName to its own service

https://gerrit.wikimedia.org/r/661042

Change 661042 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Split attemptAutoCreateLocalUserFromName to its own service

https://gerrit.wikimedia.org/r/661042

@Majavah did remove the dependency on PermissionManager in CentralAuthUtilityService by introducing a new service called CentralAuthForcedLocalCreationService, that depends on both PermissionManager and the utility service. The service is only used for an user-initiated action (through Special:CreateLocalAccount). IMO, using PermissionManager is in line with what most special pages use for permission checking.

We might also want to use authorities there, through as i'm not yet familiar with that new interface, someone else should probably decide that.

I should have marked the task stalled for now, sorry.

CentralAuthUtilityService only uses PermissionManager in attemptAutoCreateLocalUserFromName (used by Special:CreateLocalAccount and maintenance/createLocalAccount.php). User has a private getThisAsAuthority(): UserAuthority and a public authorizeWrite, UserAuthority has no stable constructors or factories.

Yeah, this is by design. It hasn't been fully evaluated yet, so for now it's only used in core. In a few weeks it will get to stable.

Change 665806 had a related patch set uploaded (by Ppchelko; owner: Ppchelko):
[mediawiki/extensions/CentralAuth@master] Convert to Authority where straightforward

https://gerrit.wikimedia.org/r/665806

Change 665806 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Convert to Authority where straightforward

https://gerrit.wikimedia.org/r/665806